At this year’s RSA Conference in San Francisco, Kaspersky anti-malware researchers Victor Chebyshev and Mikhail Kuzin presented research that they conducted on seven popular apps for vehicles. They raised a critical question: are we trading security for convenience?

The researchers also pointed out four basic flaws in the apps that could be exploited by attackers:

No protection against application reverse engineering. As a result, malefactors can dig in and find vulnerabilities that give them access to server-side infrastructure or to the car’s multimedia system.

No code integrity check. This allows criminals to incorporate their own code in the app, adding malicious capabilities and replacing the original program with a fake one on the user’s device.

Lack of protection against overlaying techniques. This allows malicious apps to show phishing windows on top of original apps’ windows, tricking users into entering login credentials in windows that send the info to criminals.

Storage of logins and passwords in plain text. Using this weakness, a criminal can steal users’ data relatively easily.

Upon successful exploitation, an attacker can gain control over the car, unlock the doors, turn off the security alarm and, theoretically, even steal the vehicle.
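The fourth flaw above, logins and passwords stored in plain text, is one a developer or tester can check for in their own app's data. The following audit sketch is an added example, not code from the researchers or from any of the apps studied; it assumes an Android-style SharedPreferences XML file, and the key-name pattern, thresholds and sample file are all constructed for illustration.

```python
import math
import re
import xml.etree.ElementTree as ET

# Key names that usually hold credentials (assumed list; extend for your app).
SENSITIVE_KEY = re.compile(r"(pass(word|wd)?|pwd|login|user(name)?|token|secret)", re.I)

def shannon_entropy(value: str) -> float:
    """Bits per character: ciphertext or random tokens score high, typed text low."""
    if not value:
        return 0.0
    total = len(value)
    return -sum((value.count(c) / total) * math.log2(value.count(c) / total)
                for c in set(value))

def looks_plaintext(value: str) -> bool:
    """Heuristic (assumed thresholds): short or low-entropy values are stored as typed."""
    return len(value) < 24 or shannon_entropy(value) < 4.0

def audit_prefs(xml_text: str) -> list:
    """Return (key, reason) for each <string> entry that looks like a plaintext credential."""
    findings = []
    root = ET.fromstring(xml_text)
    for node in root.iter("string"):
        key = node.get("name", "")
        value = node.text or ""
        if SENSITIVE_KEY.search(key) and value and looks_plaintext(value):
            findings.append((key, "credential-like key holds a plaintext-looking value"))
    return findings

# Constructed sample of an app's preferences file (not taken from any real app).
SAMPLE_PREFS = """<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
    <string name="user_login">driver@example.com</string>
    <string name="user_password">Summer2017!</string>
    <string name="auth_token_enc">q7ZkX0v9Tn3mB1yLr8Hc5WdUo2JpAeFs6GiNwQxYtRkVz4MbCu</string>
    <boolean name="remote_unlock_enabled" value="true" />
    <string name="theme">dark</string>
</map>"""

if __name__ == "__main__":
    for key, reason in audit_prefs(SAMPLE_PREFS):
        print(f"[!] {key}: {reason}")
```

The entropy test is only a heuristic: a long passphrase stored as typed can pass it, so anything the script does not flag still deserves a manual look.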
